Overview

overview

7

Static

static

3

1dd7974683...0d.exe

windows7-x64

7

1dd7974683...0d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 21:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1dd79746839660c6dd3d5bb2b27af50d.exe

  • Size

    24KB

  • MD5

    1dd79746839660c6dd3d5bb2b27af50d

  • SHA1

    d425f8343d45f8a01fe0c22a0de63ee1c03c93df

  • SHA256

    e40d5f883f0dc8222c4de670067b439d5b908b4f73ff923d5e1f94bee7846ab8

  • SHA512

    e5b943adabd06d4b1663c5230c2d178e9cc9029174725acc445b09ab0bbcf7d9cf5d81791480eeeda577c7191a2d2ce67178266e2afab96d5d4251f728934c6c

  • SSDEEP

    384:EniVoyLcKQuXb3NLK83r6nCXo29b4Pu27X3NyE90EPuNAIRzhXtoc8:EGCur3Np3eA9kPpnrrPx2zhXG/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1dd79746839660c6dd3d5bb2b27af50d.exe
    "C:\Users\Admin\AppData\Local\Temp\1dd79746839660c6dd3d5bb2b27af50d.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Windows\tmp.tmp.tmp1
      C:\Windows\tmp.tmp.tmp1
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3704
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 268
        3⤵
        • Program crash
        PID:1312
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3460
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3704 -ip 3704
      1⤵
        PID:2712

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\tmp.tmp.tmp1
        Filesize

        1KB

        MD5

        50089a3b3dffcc902eb579b16a4a5c1d

        SHA1

        a89e04d86f91fdbafb72311b6ef23e39f700c655

        SHA256

        93957c8c22611e8b34706d3d8d703e8c73b71d8d0497ecf0ccc69eb707b57d80

        SHA512

        6a5ff47bd827204eab01d7c793373eaed73096704e7f7d3fd56148ad31a5dbff8f50929031a82c62d82b0e9ca5243d995b59c8a9c8041bd4a3dc0a285b7fc7b8

        Download Submit

      • memory/2928-0-0x0000000000400000-0x0000000000408000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2928-10-0x0000000000400000-0x0000000000408000-memory.dmp

        Filesize

        32KB

        Download

      • memory/3704-9-0x0000000000400000-0x0000000000402000-memory.dmp

        Filesize

        8KB

        Download